Edge protection w/ endpoint

Started by fsck, December 05, 2018, 12:26:47 PM


fsck

We have a Meraki MX100 running w/ Advanced Security licensing.  This licensing has AMP/anti-malware protection and Anti-virus/anti-phishing.  I was thinking to also add endpoint protection for users, an actual client install.  Do you guys think this is excessive?  Since I have protection at the edge, the endpoint piece isn't needed?

I came across Carbon Black and Cylance, and was impressed with the way they handle threats and monitoring.  I figured if I had the budget, might as well use it and get even better protection.

deanwebb

You want multiple layers for security. Endpoint protection is a necessity.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

fsck

And that's what I was thinking and kind of felt was the way to go.  I just needed to voice it out.  Thanks deanwebb!!

Do you have any preferences for endpoint security?  Have you used either Carbon Black or Cylance?

Dieselboy

The Meraki edge device cannot look into HTTPS or encrypted sessions, so if they contain malware, they are allowed to pass on to the endpoint. You need endpoint protection in addition to be able to stop things such as this on the endpoint itself.

deanwebb

Quote from: fsck on December 05, 2018, 06:15:12 PM
And that's what I was thinking and kind of felt was the way to go.  I just needed to voice it out.  Thanks deanwebb!!

Do you have any preferences for endpoint security?  Have you used either Carbon Black or Cylance?

I was talking with a guy about that last night. He did a bake-off between Crowdstrike, Carbon Black, and Cylance. Crowdstrike did the best job of identifying the malware and what it was trying to do, both Crowdstrike and Cylance stopped his custom malware in all use cases attempted. Cylance also involves whitelisting stuff, so it's very aggressive in blocking stuff, which was too much for his liking.

Dieselboy

I use Cisco AMP. Do you know how that fares up to those products, Dean?

deanwebb

Quote from: Dieselboy on December 07, 2018, 02:50:57 AM
I use Cisco AMP. Do you know how that fares up to those products, Dean?

He wasn't impressed with them because of the way the firewall module competed for resources with the firewall in a way that could brick the firewall.

Dieselboy

Was that solely FTD or ASA as well?

Although the Cisco AMP I am referring to is the software install on Windows / Mac / iOS / Android.

deanwebb

This was on the ASA.

As for the AMP client, I've actually used CounterACT to deploy it in an incident response. That was some vendor cooperation, I tell you what! :)

Did not get to see it in a PoC, though.